Service interruption on Monday 11 July from 12:30 to 13:00: all the sites of the CCSD (HAL, EpiSciences, SciencesConf, AureHAL) will be inaccessible (network hardware connection).
Skip to Main content Skip to Navigation
Conference papers

Extended HTTP Digest Access Authentication

Abstract : User authentication to a server is typically done by presenting a username and a password in some protected form to the server, and having the server verify that those credentials correspond to an identity previously registered and authorized for access. It is crucial that attackers never get access to operational passwords, which typically is achieved by encryption in transit, or through a challenge-response protocol between the client and server computer platforms. However, these mechanisms do not protect passwords at the moment when they are entered into the client computer, which leaves the password exposed to attacks by malware on the client. We present a method for protecting passwords from being exposed on client platforms. The method is an extension of the well-known HTTP Digest Access Authentication which is a challenge-response protocol specified as part of HTTP. The method relies on an external mostly offline personal authentication device called OffPAD which communicates with the client platform. We show how the presented authentication scheme increases security as well as enhances usability with regard to identity management. In addition to describing the OffPAD device, we argue that the HTTP Digest Access Authentication standard does not conform to today’s best practices, and suggest improvements.
Document type :
Conference papers
Complete list of metadata
Contributor : Hal Ifip Connect in order to contact the contributor
Submitted on : Friday, February 17, 2017 - 2:48:57 PM
Last modification on : Friday, February 17, 2017 - 3:16:30 PM
Long-term archiving on: : Thursday, May 18, 2017 - 2:27:03 PM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Henning Klevjer, Kent Are Varmedal, Audun Jøsang. Extended HTTP Digest Access Authentication. 3rd Policies and Research in Identity Management (IDMAN), Apr 2013, London, United Kingdom. pp.83-96, ⟨10.1007/978-3-642-37282-7_7⟩. ⟨hal-01470505⟩



Record views


Files downloads